Privacy Notice

Introduction

This privacy notice is issued by Sumer Group Holdings Limited on its behalf, and on behalf of its subsidiaries (each a “member of the Sumer Group” and together, “Sumer“, the “Sumer Group“, “we“, “us” or “our“). Sumer is committed to protecting the privacy of individuals whose data we process and complying with our obligations under applicable data protection laws (“Data Protection Laws“).

This privacy notice provides you with information on how we process personal data which we collect about you in connection with the provision of accounting, tax, audit, advisory and/or other business services, including if you are a potential, current or former client or business contact of Sumer, if you are a contractor or service provider to Sumer, if you are applying for employment or work experience with us, and/or if you use our website. In addition, it outlines your rights under Data Protection Laws.

We may from time to time update this privacy notice at our discretion.

If you have any queries in relation to our processing of your personal data please contact us at compliance@sumer.co.uk.

Your guide to our privacy notice

This privacy notice is provided in a layered format to allow you to navigate it easily. The privacy notice is split into the following sections:

SECTION ONE – THE CONTROLLER OF YOUR PERSONAL DATA

The controller of your personal data is the entity which, alone or jointly with others, determines the purposes and means of the processing of your personal data.

The member(s) of the Sumer Group which act as a controller of your personal data will depend on the circumstances for which you engage with Sumer and/or provide your personal data to Sumer. For example, if you apply for a job with, receive advice from, visit the website of or otherwise engage with Monahans Limited, then Monahans Limited will be the controller of your personal data. Similarly, if you apply for a job with, receive advice from, visit the website of or otherwise engage with EQ Accountants Limited, then EQ Accountants Limited will be the controller of your personal data.

There may be circumstances where more than one member of the Sumer Group is a controller of your personal data. A list of all of the members of the Sumer Group is available at  Members of the Sumer Group. This list may be updated from time to time. If you would like further information on who the specific controller(s) of your personal data are, then please contact us at compliance@sumer.co.uk.

SECTION TWO – HOW WE PROCESS YOUR PERSONAL DATA

PART ONE – CLIENTS

This section of our privacy notice sets out how we may process personal data about our clients (including potential, current and former clients). In this section, “you” and “your” refers to a person whose personal data is held by us, where that data has been provided to us by a client or (if our client is an organisation) by its employees, agents or representatives on its behalf, or has been collected by us, in each case, in the context of the operation of our business, including the provision by us of accounting, tax, audit, advisory and/or other business services.

The data we may hold

We may hold various kinds of personal data about you, which you (or, if our client is a business) our client provide to us from time to time or which we otherwise obtain in the course of our relationship with you (for example, from third parties including background check providers), and which we have grouped together as follows:

We will not usually collect any special categories of personal data about you, except in limited circumstances where: (i) this is relevant to any services that we are providing to the client or you; or (ii) this is revealed as part of our anti-money laundering checks; or (iii) you volunteer the information to us in writing.

What we use your personal data for

We will only use your personal data for the following purposes:

Legal basis for processing your personal information

We will only use your personal information as the law permits. The legal bases we principally rely upon when processing your personal data are as follows:

We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

Purpose / ActivityType of dataLegal basis for processing
To administer and manage our relationship with you or (where our client is an organisation) with our client.Identity data
Contact data
Employment data
Correspondence data
Financial and tax related data
Family data
Performance of a contract with you. Our legitimate interests of pursuing and developing our business and providing services to you or, if our client is an organisation, to our client.
To provide, or facilitate the provision of, accounting, tax, audit, advisory and/or other business services to you or (where our client is an organisation) to our client.Identity data
Contact data
Employment data
Correspondence data
Financial and tax related data
Family data
KYC and other background data
Performance of a contract with you. Our legitimate interests of pursuing and developing our business and providing services to you or, if our client is an organisation, to our client.
To instruct bank transfers and other payments required as part of accounting, tax, audit, advisory and/or other business services which we have provided.Identity data
Contact data
Correspondence data
KYC and other background data
Financial and tax related data
Performance of a contract with you. Our legitimate interests of providing services to you or, if our client is an organisation, to our client.Compliance with our legal and regulatory obligations.
To conduct our business, including in relation to accounting, tax, audit, advisory and/or other business services.Identity dataContact dataEmployment dataCorrespondence dataKYC and other background dataFinancial and tax related dataFamily dataPerformance of a contract with you. Our legitimate interests of pursuing and developing our business and providing services to you or, if our client is an organisation, to our client.
To comply with our legal and regulatory requirements, such as anti-money laundering laws, the rules of the Financial Reporting Council, the requirements of the Financial Conduct Authority, and the  rules and requirements of the ICAEW and ACCA.Identity data
Contact data
Employment data
Correspondence data
KYC and other background data
Financial and tax related data
Compliance with our legal and regulatory obligations.
To send you updates, news items, articles or other material which we think may be of interest to you, including in certain circumstances marketing material.Identity data
Contact data
Correspondence data
Our legitimate interests of pursuing and developing our business.In certain circumstances (in relation to marketing) with your consent.
To send you invitations to events and seminars and the like which we think may be of interest to you.Identity data
Contact data
Correspondence data
Our legitimate interests of pursuing and developing our business.In certain circumstances (in relation to marketing) with your consent.
To monitor emails sent to us (including attachments) for viruses or malicious software.Identity data
Contact data
Correspondence data
Technical data
Our legitimate interests of protecting and maintaining the security of our systems.
To protect and manage email traffic.Identity data
Contact data
Correspondence data
Technical data
Our legitimate interests of protecting and maintaining the security of our systems.
To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV.Identity dataTechnical dataCCTV dataOur legitimate interests of protecting the safety and security of our offices and staff.
To manage and analyse data, including in connection with our data warehouse.Identity data
Contact data
Employment data
Correspondence data
KYC and other background data
Financial and tax related data
Family dataTechnical data
Our legitimate interests of pursuing and developing our business, including for service improvement, product development and by analysing aggregated data to support data analysis and support the business in making informed decisions.
To share personal data with third parties in certain circumstances as detailed in Section  Three (including in certain circumstances with third parties based outside of the UK and/or EEA).Identity data
Contact data
Employment data
Correspondence data
KYC and other background data
Financial and tax related data
Family dataTechnical data
CCTV data
Our legitimate interests of managing, performing and conducting our business (including outsourcing certain work and/or services).Compliance with our legal and regulatory obligations.Performance of a contract with you or taking steps prior to entering into a contract with you.
Generally to manage the activities of our business, including monitoring and recording electronic communications (including telephone calls and emails).Identity data
Contact data
Employment data
Correspondence data
KYC and other background data
Financial and tax related data
Family data
Technical dataCCTV data
Our legitimate interests including of pursuing and developing our business and providing services to you or, if our client is an organisation, our client, protecting and maintaining the security of our systems, offices and staff and generally to manage and operate our business.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Where your consent is required

Other than (in certain circumstances) to enable us to send you marketing communications (as described below), we do not anticipate being required to obtain your consent for the processing of your personal data as listed above. If we consider it necessary to use your personal data for other purposes which do require your consent we will contact you to request this consent. In such circumstances, we will provide you with details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. If you decide to provide your consent, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Processing of information about criminal convictions

We may process information about criminal convictions as part of and/or in connection with the provision of services to our clients. We may process information about criminal convictions relating to clients’ staff and/or directors including in connection with an audit to verify whether relevant Disclosure and Barring Service Checks have been undertaken. We will only collect and use information about criminal convictions where we have a lawful basis to do so. For example, we may use information relating to criminal convictions in relation to legal claims or where regulatory requirements relating to unlawful acts and dishonesty apply.

Marketing

We may send to you from time to time, by electronic means or post, marketing communications:

We will only send you marketing communications if we have a lawful basis to do so.

Please note, you can ask us to stop sending you marketing messages at any time by following the opt-out or unsubscribe links on any marketing message sent to you.

If you fail to provide personal information requested

Where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (and accordingly may be unable to provide you with accounting, tax, audit, advisory and/or other business services). We will notify you if this is the case at that time.

PART TWO – BUSINESS CONTACTS

This section of our privacy notice sets out how we may process personal data in relation to business contacts such as if you have provided us with your business card, or have corresponded with a director or employee of Sumer and/or have attended Sumer events. It may also include persons who are connected to our clients (for example, family members) where it is relevant in connection with the advice and services we are providing to our client.

In this section you and your means a person who is a business contact of Sumer (who is not a client) and whose personal data has been provided to or collected by us, in the context of our business and our work in the provision of accounting, tax, audit, advisory and/or other business services.

The data we may hold

We may hold various kinds of personal data about you which you provide to us from time to time, or which we otherwise obtain in the course of our relationship with you, and which we have grouped together as follows:

We will not usually collect any special categories of personal data about you, except where: (i) you are invited to attend certain Sumer social events where this may be relevant; or (ii) you volunteer the information to us in writing.

What we use your personal data for


Legal basis for processing your personal information

We will only use your personal information as the law permits. The legal bases we principally rely upon when processing your personal data are as follows:

Purpose / ActivityType of dataLegal basis for processing
To administer and manage our relationship or potential relationship with you.Identity data
Contact data
Employment data
Correspondence data
Financial and tax related data
Family data
Our legitimate interests of pursuing and developing our business.
To provide, or facilitate the provision of, services or advice to our client(s) (where you are connected to the client and it is relevant for the purposes of providing our services and/or advice).Identity data
Contact data
Employment data
Correspondence data
KYC and other background data
Financial and tax related data
Family data
Our legitimate interests of pursuing and developing our business and providing services to our clients.
To comply with our legal and regulatory requirements, such as anti-money laundering laws, the rules of the Financial Reporting Council, the requirements of the Financial Conduct Authority, and the  rules and requirements of the ICAEW and ACCA.Identity data
Contact data
Employment data
Correspondence data
KYC and other background data
Financial and tax related data
Compliance with our legal and regulatory obligations.
To send you updates, news items, articles or other material which we think may be of interest to you, including in certain circumstances marketing material.Identity data
Contact data
Correspondence data
Our legitimate interests of pursuing and developing our business.In certain circumstances (in relation to marketing) with your consent.
To send you invitations to events and seminars and the like which we think may be of interest to you and to facilitate your attendance at such events.Identity data
Contact data
Correspondence data
Our legitimate interests of pursuing and developing our business.In certain circumstances (in relation to marketing) with your consent.
To monitor emails sent to us (including attachments) for viruses or malicious software.Identity data
Contact data
Correspondence data
Technical data
Our legitimate interests of protecting and maintaining the security of our systems.
To protect and manage email traffic.Identity data
Contact data
Correspondence data
Technical data
Our legitimate interests of protecting and maintaining the security of our systems.
To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV.Identity data
Technical data
CCTV data
Our legitimate interests of protecting the safety and security of our offices and staff.
To share personal data with third parties in certain circumstances as detailed in Section Three (including in certain circumstances with third parties based outside of the UK and/or EEA).Identity data
Contact data
Employment data
Correspondence data
KYC and other background data
Financial and tax related data
Family dataTechnical data
CCTV data
Our legitimate interests of managing, performing and conducting our business (including outsourcing certain work and/or services). Compliance with our legal and regulatory obligations.
Generally to manage the activities of our business, including monitoring and recording electronic communications (including telephone calls and emails).Identity data
Contact data
Employment data
Correspondence data
KYC and other background data
Financial and tax related data
Family data
Technical data
CCTV data
Our legitimate interests including of pursuing and developing our business, providing services to our clients, protecting and maintaining the security of our systems, offices and staff and generally to manage and operate our business.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Where your consent is required

Other than (in certain circumstances) to enable us to send you marketing communications (as described below), we do not anticipate being required to obtain your consent for the processing of your personal data as listed above. If we consider it necessary to use your personal data for other purposes which do require your consent we will contact you to request this consent. In such circumstances, we will provide you with details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. If you decide to provide your consent, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Marketing

We may send to you from time to time, by electronic means or post, marketing communications:

We will only send you marketing communications if we have a lawful basis to do so.

Please note, you can ask us to stop sending you marketing messages at any time by following the opt-out or unsubscribe links on any marketing message sent to you.

If you fail to provide personal information requested

Where we need to collect personal data by law or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (and accordingly may be unable to continue our business relationship with you). We will notify you if this is the case at that time.

PART THREE – CONTRACTORS & SERVICE PROVIDERS

This section of our privacy notice sets out how we may process personal data about contractors and service providers to Sumer.  In this section:

The data we may hold

We may hold various kinds of personal data about you which the contractor or service provider or you provide to us from time to time, or which we otherwise obtain in the course of our relationship with you, and which we have grouped together as follows:

We will not usually collect any special categories of personal data about you, except where (i) this is relevant to any services that you are providing to Sumer, or (ii) you volunteer this information to us in writing.

What we use your personal data for

We will only use your personal data for the following purposes:

Legal basis for processing your personal information

We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

Purpose / ActivityType of dataLegal basis for processing
To administer and manage our relationship with you and/or the contractor or service provider.Identity data
Contact data
Employment data
Correspondence data
Financial data
Performance of a contract with you. Our legitimate interests of pursuing and developing our business and receiving services from the contractor or service provider.
To comply with our obligations under the terms of a contract between the contractor or service provider and Sumer.Identity data
Contact data
Employment data
Correspondence data
Financial data
Performance of a contract with you. Our legitimate interests of pursuing and developing our business, receiving services from the contractor or service provider and complying with the terms of contracts to which we are a party.
To assess your skills and qualifications, your suitability for the role and to decide whether to enter into a contract with you, the contractor or service provider or to permit access to our offices.Identity data
Contact data
Employment data
Correspondence data
Our legitimate interests of pursuing and developing our business and ensuring continuity and quality of services.
To assess and to monitor the standard of services being provided or offered to us.Identity data
Contact data
Employment data
Correspondence data
Our legitimate interests of pursuing and developing our business and ensuring continuity and quality of services.
To allow us to process payments in relation to any goods and services provided to Sumer.Identity data
Contact data
Correspondence data
Financial data
Performance of a contract with you.Our legitimate interests of pursuing and developing our business, receiving services from the contractor or service provider and complying with the terms of contracts to which we are a party.
To update and maintain our records including details of people that have accessed our offices.Identity data
Contact data
Employment data
Correspondence data
Financial data
Technical data
Our legitimate interests to keep our records updated and in certain circumstances for the prevention of criminal activity.
To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV.Identity data
Technical data
CCTV data
Our legitimate interests of maintaining the security of our offices.
To comply with our legal and regulatory requirements.Identity data
Contact data
Employment data
Correspondence data
Financial data
Technical data
Compliance with our legal and regulatory obligations.
To monitor emails sent to us (including attachments) for viruses or malicious software.Identity data
Contact data
Correspondence data
Technical data
Our legitimate interests to protect and maintain the security of our systems.
To protect and manage email traffic.Identity data
Contact data
Correspondence data
Technical data
Our legitimate interests to protect and maintain the security of our systems.
To share personal data with third parties in certain circumstances as detailed in Section  Three (including in certain circumstances with third parties based outside of the UK and/or EEA).Identity data
Contact data
Employment data
Correspondence data
Financial data
Technical data
CCTV data
Our legitimate interests of managing, performing and conducting our business (including outsourcing certain work and/or services). Compliance with our legal and regulatory obligations. Performance of a contract with you or taking steps prior to entering into a contract with you.
Generally to manage the activities of Sumer, including by monitoring and recording electronic communications (including telephone calls and emails).Identity data
Contact data
Employment data
Correspondence data
Financial data
Technical data
CCTV data
Our legitimate interests of pursuing and developing our business.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Where your consent is required

We do not anticipate being required to obtain your consent for the processing of your personal data as listed above. If we consider it necessary to use your personal data for other purposes which do require your consent we will contact you to request this consent. In such circumstances, we will provide you with details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. If you decide to provide your consent, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you fail to provide personal information requested

Where we need to collect personal data by law or under the terms of a contract we have with the contractor or service provider or you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with the contractor or service provider or you.  We will notify you if this is the case at that time.

PART FOUR – JOB APPLICANTS

This section of our privacy notice sets out how we may process personal data about applicants for jobs, students applying for or attending work experience with Sumer and/or in relation to other potential employees of Sumer.

In this section you and your means a person who is an applicant for work, or work experience, with Sumer.

The data we may hold

In connection with your application for work or work experience with us, we may hold various categories of personal data about you, which you provide to us from time to time, or which we otherwise obtain in the course of our relationship with you, and which we have grouped together as follows:

Please note that we may collect personal data about you from you directly and/or from recruitment agencies and/or background check providers, which may include reports from the disclosure and barring service (namely unspent criminal convictions), and from third party publicly accessible sources including Companies House records and social media.

We may hold special categories of personal data about you if this is necessary for Sumer to comply with its legal and regulatory obligations and for equal opportunities monitoring (see further details below). We may also collect special category data if you volunteer the information to us in writing.

What we use your personal data for

We will only use your personal data for the following purposes:

Once we receive your CV and covering letter or your application form, we may process that information to decide whether we have any suitable vacancies and if you meet the basic requirements to be shortlisted for the relevant role. If you do, we will decide whether your application is strong enough to invite you for an interview. If we decide to call you for an interview, we will use the information you provide to us at the interview to decide whether to offer you the work. If we decide to offer you the work, we will then take up references and we may carry out criminal record or other checks before confirming your appointment.

Legal basis for processing your personal information

In relation to our processing of special category data, we rely on an additional basis as set out below.

We have set out in the table below a description of the ways we use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

Purpose / ActivityType of dataLegal basis for processing
To assess your skills and qualifications, to consider your suitability for the position, to decide whether to enter into a contract with you and to take steps prior to entering into a contract with you.Identity data
Right to work data
Financial data
Equal opportunities data
Career data
Correspondence data
Taking steps prior to entering into a contract with you. Our legitimate interests of pursuing and developing our business and growing our work force.
To carry out background and reference checks.Identity data
Contact data
Right to work data
Career data
Correspondence data
Taking steps prior to entering into a contract with you. Compliance with our legal and regulatory obligations.Our legitimate interests of  growing our work force and ensuring potential employees meet our requirements and standards.
To communicate with you about the recruitment process.Identity data
Contact data
Correspondence data
Taking steps prior to entering into a contract with you. Our legitimate interests of pursuing and developing our business and growing our work force.
To keep records related to our hiring processes.Identity data
Contact data
Right to work data
Financial data
Equal opportunities data
Career data
Correspondence data
Compliance with our legal and regulatory obligations. Our legitimate interests of pursuing and developing our business, growing our work force and defending any potential legal claims.
To comply with our legal and regulatory requirements, including the requirements of the Financial Conduct Authority and the rules and requirements of the ICAEW and the ACCA.Identity data
Contact data
Right to work data
Equal opportunities data
Correspondence data
Compliance with our legal and regulatory obligations.
To consider whether we need to provide appropriate adjustments during our recruitment process.Identity data
Equal opportunities data
Compliance with our legal and regulatory obligations.Necessary for the purposes of carrying out obligations in the field of employment law (in particular, our obligation to make reasonable adjustments under the Equality Act 2010).
To be able to undertake equal opportunity monitoring and reporting.Identity data
Equal opportunities data
Our (and our employees’ / prospective employees’) legitimate interests to maintain a diverse and equal working environment and ensure that no discrimination occurs in the workplace.Necessary for the purposes of identifying and keeping under review the existence or absence of equality of opportunity and treatment.
To monitor emails sent to us (including attachments) for viruses or malicious software.Identity data
Contact data
Correspondence data
Technical data
Our legitimate interests to protect and maintain the security of our systems.
To protect and manage email traffic.Identity data
Contact data
Correspondence data
Technical data
Our legitimate interests to protect and maintain the security of our systems.
To detect, prevent and/or investigate fraud and crime such as monitoring office CCTV.Identity data
Technical data
CCTV data
Our legitimate interests of maintaining the security of our offices.
To share personal data with third parties in certain circumstances as detailed in Section  Three (including in certain circumstances with third parties based outside of the UK and/or EEA).Identity data
Contact data
Right to work data
Financial data
Career data
Correspondence data
Technical data
CCTV data
Our legitimate interests of managing, performing and conducting our business (including outsourcing certain work and/or services). Compliance with our legal and regulatory obligations. Performance of a contract with you or taking steps prior to entering into a contract with you.
Generally to manage the activities of Sumer, including by monitoring and recording electronic communications (including telephone calls and emails).Identity data
Contact data
Right to work data
Financial data
Career data
Correspondence data
Technical data
CCTV data
Our legitimate interests of pursuing and developing our business.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Where your consent is required

We do not anticipate being required to obtain your consent for the processing of your personal data as listed above. If we consider it necessary to use your personal data for other purposes which do require your consent we will contact you to request this consent. In such circumstances, we will provide you with details of the personal data that we would like and the reason we need it, so that you can carefully consider whether you wish to consent. If you decide to provide your consent, you have the right to withdraw your consent at any time, although that will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw your consent, please contact us. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

Potential employment information

We may send to you from time to time, by email or post, information about employment opportunities with us. You can ask us to stop providing any such information to you at any time.

If you fail to provide personal information requested

If you fail to provide information when requested, which is necessary for us to consider your application (such as evidence of qualifications or work history), we will not be able to process your application. For example, if we require references for a role and you fail to provide us with the relevant details, we will not be able to take your application further.

Data retention periods in relation to job applications

If your application is successful, the information you provide during the application process will be retained by us as part of your employee file and held in accordance with applicable laws and Sumer’s employee privacy notice (copies of which will be available).

If your application is unsuccessful, we may retain and use your personal data to consider you for other positions in the future. Details of the criteria we use to determine the period for which your data will be retained are in Section Three.

PART FIVE – WEBSITE USERS

This section of our privacy notice sets out how we may process personal data about persons who use a Sumer Group website. Some members of the Sumer Group have supplementary privacy notices available on their website(s), which outline in more detail how the relevant member of the Sumer Group will process your personal data in connection with their website. Please refer to the privacy notice on each Sumer Group website you visit for further information.

Our website(s) are not intended for children and we do not knowingly collect personal data about children in connection with our website(s).

In this section, “you” and “your” refers to a person whose personal data is held by us, where that data has been provided to us through your use of our website(s).

The data we may hold

We may hold various kinds of personal data about you, which you may provide to us from time to time or which we otherwise obtain in the course of your use of our website(s) and which we have grouped together as follows:

We will not usually collect any special categories of personal data about you through the use of our website(s). If we do collect any special categories of data, we will make clear the reason to you, and we will ensure we have a lawful basis to process this type of information.

What we use your personal data for

We will only use your personal data for the following purposes:

Legal basis for processing your personal information

We have set out in the table below a description of the ways we use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

Purpose / ActivityType of dataLegal basis for processing
To manage our relationship with you and to provide you with the use of our website(s).Identity data
Contact data
Correspondence data
Technical data
Usage data
Our legitimate interests of providing you with access to and use of our website (including in connection with our business).
Creating and managing an account with you via our website(s) and website portals.Identity data
Contact data
Correspondence data
Technical data
Usage data
Our legitimate interests of providing you with access to and use of our website (including in connection with our business).
Conducting checks to identify you and verify your identity or to help prevent and detect fraud against you or us.Identity data
Contact data
Correspondence data
Technical data
Usage data
Our legitimate interests of providing you with access to and use of our website (including in connection with our business).
To obtain information about the number of visitors and their use of our website(s).Technical data
Usage data
Our legitimate interests of monitoring the use of our website, including for business purposes. Your consent (obtained via our cookies banner).
Retaining and evaluating information on your recent visits to our website(s) and how you move around different sections of our website(s) for analytics purposes to understand how people use our website(s) so that we can make them more intuitive or to check our website(s) are working as intended.Technical data
Usage data
Our legitimate interests of monitoring the use of our website, including for business purposes. Your consent (obtained via our cookies banner).
To ensure that our website(s) are secure.Technical data
Usage data
Our legitimate interests of protecting and ensuring the security of our website(s).
To address any issues you may experience with our website(s).Identity data
Contact data
Correspondence data
Technical data
Usage data
Our legitimate interests of providing you with access to and use of our website (including in connection with our business).
To share personal data with third parties in certain circumstances as detailed in Section  Three (including in certain circumstances with third parties based outside of the UK and/or EEA).Identity data
Contact data
Correspondence data
Technical data
Usage data
Our legitimate interests of managing, performing and conducting our business (including outsourcing certain work and/or services).

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Where your consent is required

If we consider it necessary to obtain your consent in relation to a certain planned use of your personal data, we will contact you or prompt you (via our website(s)) specifically to request this consent.  In such circumstances, we will provide you with details of the personal data that we would like to process and the reason we need to process it, so that you can carefully consider whether you wish to consent. Where you do consent and we rely on consent to process your personal information, you may withdraw that consent at any time by contacting us. We may rely on your consent to use non-essential cookies on our website(s) for the purposes described above. Further information relating to our use of cookies is below.

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. Using cookies and collecting this information is for our legitimate interests to ensure our website(s) work and to learn more about the use of our website(s).  In some cases (in relation to the use of non-essential cookies), we will ask for your consent.  For information on how we use cookies, please see the cookies policy on the website you are visiting.

Third Party Websites

Our website(s) may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy notices/statements. When you leave our site, we encourage you to read the privacy notice of every website you visit.

If you fail to provide personal information requested

If you fail to provide information when requested, we may not be able to provide you with full access to, and use of, our website.

SECTION THREE – OTHER INFORMATION

This section of our privacy notice provides information about our data protection practices, including information about our data security and retention policies, details of our arrangements for disclosing personal data to third parties and transferring personal data outside of the UK and EEA and information about your rights under Data Protection Laws.

Data security

We have put in place security measures to seek to prevent your personal data from being accessed by or disclosed to unauthorised persons but we cannot guarantee the security of any data we collect and store. We have put in place procedures to deal with any actual or suspected personal data breach and will notify you and any applicable regulator of such a breach where we are legally required to do so.

Disclosures of your personal data

We may share your data with third parties, including third-party service providers, regulatory bodies and other authorities, and other entities in our group, including where required by law, where it is necessary to administer our relationship with you or where we have another legitimate interest in doing so.


We may also disclose your information to third parties (including professional advisers) in connection with the actual or potential acquisition of some or all of our business or assets.


Where such data is provided to third parties to process it on our behalf, we will enter into agreements with such third parties which impose processing obligations.

International transfers

In some circumstances, your personal data may be transferred outside of the UK or the European Economic Area (“EEA“). In particular, members of the Sumer Group from time to time may be based outside of the UK or the EEA. In addition, some of the external service providers used by Sumer may be based (or carry on processing of personal data) outside of the UK or EEA so their processing of your personal data may involve a transfer of personal data outside of the UK or EEA.

Where we transfer your personal data outside the UK or EEA we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the UK or EEA. Please contact us if you would like further information on the specific safeguards we use when transferring your personal data out of the UK or EEA.

Data retention periods

We retain personal data in accordance with our retention policy. We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of that personal data, the purposes for which we process that personal data and whether we can achieve those purposes through other means as well as the applicable legal and regulatory requirements (including the requirements of the ICAEW and ACCA).

Automated decision-making

You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.

Your legal rights

In certain circumstances, you have the right to:

If you wish to exercise any of the rights set out above, please contact us at compliance@sumer.co.uk

Where you have given consent to the processing of your personal data, you may withdraw that consent at any time. Withdrawing your consent will not affect the lawfulness of processing based on consent before its withdrawal or the lawfulness of continued processing not based on consent. To withdraw your consent to processing by Sumer, please contact us at compliance@sumer.co.uk.

You will not usually have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

Complaints

You have the right to make a complaint to the applicable supervisory data protection authority which, if you are based in the UK, is the Information Commissioner’s Office. If you would like further information on who to contact to submit a complaint, please contact us at compliance@sumer.co.uk. We would, however, appreciate the chance to deal with your concerns before you approach the applicable data protection authority so please contact us in the first instance.


Need help? Contact one of our advisers